Category: Encryption

It’s October! This means that—along with all those ever-important holidays like “Global Handwashing Day,” “National Feral Cat Day,” and “International Day of the Nacho“—it is National Cybersecurity Awareness Month! Unlike “Sweetest Day” (which I had honestly never heard of until I moved to Michigan), you do not have to buy someone candy to show your affections, you simply need to make certain that you are taking care to protect your online privacy.

As part of NCSAM, I thought that I would talk a bit about something we do not consider much: the password. Many of us realize that they are unavoidable, but consider them a nuisance that has to be worked around in order to do the things we want or need to do.

The average person spends eleven hours connected to the internet every day. From banking to chatting with friends, uploading a paper on Canvas to registering for classes, there is really no limit to the things we do on a daily basis online. Almost every single resource we use—from Facebook to Wayne Connect—is secured with a password. You may choose to better secure yourself using two-factor authentication (which I covered last year for NCSAM) but the first line of defense is always our password.

Sadly, most of the population is really bad at creating passwords. For example, this past week, I happened to watch the first episode of the Murphy Brown reboot, in which Candice Bergen’s character instructs her son to use “password” as the password for a new Twitter account. Amazingly, the IRS was actually discovered to be using “password” for a password for secure systems in 2015.

I find it interesting that we still have lists of worst passwords. In 2017, Time Magazine reported this list of the top ten worst passwords:

123456

Password

12345678

qwerty

12345

123456789

letmein

1234567

football

iloveyou

These few statistics point out exactly why we cannot take risks with simple passwords:

10,000 of the most common passwords (such as 12345, qwerty, or 123456) can access 98% of accounts.

90% of passwords generated by users are vulnerable to hacking.

The average user has around 26 online profiles or accounts, yet they only use five passwords for all of them.

In 2014, five million Gmail passwords were hacked and released online.

In 2017, Yahoo admitted that the data breach that had occurred three years earlier reached three million accounts.

So, what is important in creating a password?

Make it unique. Do not use the same password for more than one account. If a hacker gains access to one account, they will have access to every account using that password.

Make it long. Longer passwords are simply more secure. You should be using at least eight characters.

Use a phrase.Using more than one word increases its security. Use a phrase no one else would know.

Vary the characters. Combine uppercase, lowercase, numbers, and special characters in your password. This has become a requirement for many accounts. As an example, using this and the last suggestion, if you wanted to set your password as “happy birthday”, write it as “H@ppyB1r+hD@y.”

Avoid personal information and common words.Do not use information that someone could easily find out. If someone can learn your child’s name and the day they were born from a simple Facebook post, you are not choosing a good password.

With those thoughts, I would highly suggest that you consider using a password manager to create and maintain unique credentials for all of your profiles. A password manager is a type of software that creates, stores, and protects passwords. The best of these services should have an app for your mobile device that works in conjunction with add-ons for your computer’s browsers. This allows you to have your information everywhere you go.

Some of the top password managers are Dashlane, LastPass, and Keeper. Though there are free versions of some of these, they are often limited to the number of passwords they will store or how much you can share a password. Given the cost and hassle that goes along with identity theft, these programs are generally worth the cost. Since most of us have many accounts we are juggling in our lives, we would all be best served by using one.

Good news to remember for NCSAM! I know how much people complain when our Wayne State accounts require us to change our password. Because we would want to encourage all of the Wayne State family to use better passwords, C&IT instituted a policy where we will never again ask you to change your password if it meets certain strength requirements.

Have a wonderful National Cyber Security Awareness Month! Celebrate by spending a little time making certain that your information is safe both at home and work.

If you’d like some more tips for creating a secure password, see this excellent infographic from Mike’s Gear Reviews below.

In honor of National Cyber Security Awareness Month (NCSAM), I thought it would be helpful to explain three key Wayne State University technology systems that help protect the network and the privacy of employees and students. Keep an eye out all month for this series!

The first technology that I want to discuss is the WSU Virtual Private Network or VPN.

In a recent discussion with a colleague in my home academic department, I was asked: “What is this VPN thing that I’m being asked to use to access STARS?”

Simply put, I explained, once you sign in to the VPN it is the equivalent to being on campus and working on WSU’s network. A VPN provides a secure, encrypted tunnel in which data is transmitted between the remote user and a company’s network. It allows our Wayne State employees to access systems remotely and maintain a secure link to those important systems.

VPNs are becoming more well known since the federal government recently overturned regulations that would have required internet service providers to get your explicit consent before they share or sell your web browsing history and other sensitive information [i]. For this reason, many tech-savvy consumers are choosing to use a private VPN service to protect their identity and online activity. In the same way as described above, this means that no one can eavesdrop or track a user’s online activities.

A VPN is especially useful when accessing public Wi-Fi hotspots that may not be secure or when accessing the internet from another country. They provide you, the consumer, with unfettered internet access, and help to prevent data theft and unblock websites.

As privacy matters are becoming more and more important, secure technologies make certain that the data that we use in our work here at Wayne State is secure. I would also suggest, if you are concerned about your own privacy on the internet, that you consider using these technologies in your everyday usage of the internet. There are many VPN services available to the public and they can do a great deal to protect your information.

The Wayne State VPN has an additional layer of security with two-factor authentication. I’ll share more about how this works next week.

The opinions expressed in this blog are solely those of the individuals posting them and do not necessarily represent the views of Wayne State University, its administration, faculty, staff or students. The University is not responsible for the accuracy of blog content and accepts no liability for such material.